Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6fdbd0d2 by security tracker role at 2018-03-08T21:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,269 @@ +CVE-2018-7888 + RESERVED +CVE-2018-7887 + RESERVED +CVE-2018-7886 + RESERVED +CVE-2018-7885 + RESERVED +CVE-2018-7884 + RESERVED +CVE-2018-7883 + RESERVED +CVE-2018-7882 + RESERVED +CVE-2018-7881 + RESERVED +CVE-2018-7880 + RESERVED +CVE-2018-7879 + RESERVED +CVE-2018-7878 + RESERVED +CVE-2018-7877 (There is a heap-based buffer overflow in the getString function of ...) + TODO: check +CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in the ...) + TODO: check +CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ...) + TODO: check +CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext in ...) + TODO: check +CVE-2018-7873 (There is a heap-based buffer overflow in the getString function of ...) + TODO: check +CVE-2018-7872 (An invalid memory address dereference was discovered in the function ...) + TODO: check +CVE-2018-7871 (There is a heap-based buffer over-read in the getName function of ...) + TODO: check +CVE-2018-7870 (An invalid memory address dereference was discovered in getString in ...) + TODO: check +CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...) + TODO: check +CVE-2018-7868 (There is a heap-based buffer over-read in the getName function of ...) + TODO: check +CVE-2018-7867 (There is a heap-based buffer overflow in the getString function of ...) + TODO: check +CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...) 
+ TODO: check +CVE-2018-7865 + RESERVED +CVE-2018-7864 + RESERVED +CVE-2018-7863 + RESERVED +CVE-2018-7862 + RESERVED +CVE-2018-7861 + RESERVED +CVE-2018-7860 + RESERVED +CVE-2018-7859 + RESERVED +CVE-2018-7858 + RESERVED +CVE-2018-7857 + RESERVED +CVE-2018-7856 + RESERVED +CVE-2018-7855 + RESERVED +CVE-2018-7854 + RESERVED +CVE-2018-7853 + RESERVED +CVE-2018-7852 + RESERVED +CVE-2018-7851 + RESERVED +CVE-2018-7850 + RESERVED +CVE-2018-7849 + RESERVED +CVE-2018-7848 + RESERVED +CVE-2018-7847 + RESERVED +CVE-2018-7846 + RESERVED +CVE-2018-7845 + RESERVED +CVE-2018-7844 + RESERVED +CVE-2018-7843 + RESERVED +CVE-2018-7842 + RESERVED +CVE-2018-7841 + RESERVED +CVE-2018-7840 + RESERVED +CVE-2018-7839 + RESERVED +CVE-2018-7838 + RESERVED +CVE-2018-7837 + RESERVED +CVE-2018-7836 + RESERVED +CVE-2018-7835 + RESERVED +CVE-2018-7834 + RESERVED +CVE-2018-7833 + RESERVED +CVE-2018-7832 + RESERVED +CVE-2018-7831 + RESERVED +CVE-2018-7830 + RESERVED +CVE-2018-7829 + RESERVED +CVE-2018-7828 + RESERVED +CVE-2018-7827 + RESERVED +CVE-2018-7826 + RESERVED +CVE-2018-7825 + RESERVED +CVE-2018-7824 + RESERVED +CVE-2018-7823 + RESERVED +CVE-2018-7822 + RESERVED +CVE-2018-7821 + RESERVED +CVE-2018-7820 + RESERVED +CVE-2018-7819 + RESERVED +CVE-2018-7818 + RESERVED +CVE-2018-7817 + RESERVED +CVE-2018-7816 + RESERVED +CVE-2018-7815 + RESERVED +CVE-2018-7814 + RESERVED +CVE-2018-7813 + RESERVED +CVE-2018-7812 + RESERVED +CVE-2018-7811 + RESERVED +CVE-2018-7810 + RESERVED +CVE-2018-7809 + RESERVED +CVE-2018-7808 + RESERVED +CVE-2018-7807 + RESERVED +CVE-2018-7806 + RESERVED +CVE-2018-7805 + RESERVED +CVE-2018-7804 + RESERVED +CVE-2018-7803 + RESERVED +CVE-2018-7802 + RESERVED +CVE-2018-7801 + RESERVED +CVE-2018-7800 + RESERVED +CVE-2018-7799 + RESERVED +CVE-2018-7798 + RESERVED +CVE-2018-7797 + RESERVED +CVE-2018-7796 + RESERVED +CVE-2018-7795 + RESERVED +CVE-2018-7794 + RESERVED +CVE-2018-7793 + RESERVED +CVE-2018-7792 + RESERVED +CVE-2018-7791 + RESERVED +CVE-2018-7790 + RESERVED 
+CVE-2018-7789 + RESERVED +CVE-2018-7788 + RESERVED +CVE-2018-7787 + RESERVED +CVE-2018-7786 + RESERVED +CVE-2018-7785 + RESERVED +CVE-2018-7784 + RESERVED +CVE-2018-7783 + RESERVED +CVE-2018-7782 + RESERVED +CVE-2018-7781 + RESERVED +CVE-2018-7780 + RESERVED +CVE-2018-7779 + RESERVED +CVE-2018-7778 + RESERVED +CVE-2018-7777 + RESERVED +CVE-2018-7776 + RESERVED +CVE-2018-7775 + RESERVED +CVE-2018-7774 + RESERVED +CVE-2018-7773 + RESERVED +CVE-2018-7772 + RESERVED +CVE-2018-7771 + RESERVED +CVE-2018-7770 + RESERVED +CVE-2018-7769 + RESERVED +CVE-2018-7768 + RESERVED +CVE-2018-7767 + RESERVED +CVE-2018-7766 + RESERVED +CVE-2018-7765 + RESERVED +CVE-2018-7764 + RESERVED +CVE-2018-7763 + RESERVED +CVE-2018-7762 + RESERVED +CVE-2018-7761 + RESERVED +CVE-2018-7760 + RESERVED +CVE-2018-7759 + RESERVED +CVE-2018-7758 + RESERVED +CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in ...) + TODO: check +CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does ...) + TODO: check CVE-2018-7756 RESERVED CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...) @@ -334,7 +600,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to NOTE: https://github.com/zkat/ssri/issues/10 NOTE: https://nodesecurity.io/advisories/565 NOTE: nodejs not covered by security support -CVE-2018-1000119 (Sinatra rack-protection version 2.0.0.rc3 and earlier contains a ...) +CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier ...) - ruby-rack-protection <unfixed> (bug #892250) NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470 NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395 
@@ -1900,8 +2166,7 @@ CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before upda NOTE: http://www.kb.cert.org/vuls/id/961909 NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S -CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit] - RESERVED +CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 ...) - ntp <unfixed> - ntpsec <not-affected> (Issue not present) NOTE: http://www.kb.cert.org/vuls/id/961909 @@ -7087,8 +7352,8 @@ CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 NOTE: https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678 NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4 -CVE-2018-5313 - RESERVED +CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid ...) + TODO: check CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...) - matrixssl <removed> [wheezy] - matrixssl <end-of-life> (not supported in Wheezy) @@ -8368,12 +8633,12 @@ CVE-2018-4842 RESERVED CVE-2018-4841 RESERVED -CVE-2018-4840 - RESERVED -CVE-2018-4839 - RESERVED -CVE-2018-4838 - RESERVED +CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...) + TODO: check +CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...) + TODO: check +CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet module ...) + TODO: check CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...) NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...) 
@@ -16522,10 +16787,10 @@ CVE-2018-1445 RESERVED CVE-2018-1444 RESERVED -CVE-2018-1443 - RESERVED -CVE-2018-1442 - RESERVED +CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on ...) + TODO: check +CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring ...) + TODO: check CVE-2018-1441 RESERVED CVE-2018-1440 @@ -16634,8 +16899,8 @@ CVE-2018-1389 RESERVED CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...) NOT-FOR-US: IBM WebSphere MQ -CVE-2018-1387 - RESERVED +CVE-2018-1387 (IBM Application Performance Management for Monitoring & Diagnostics ...) + TODO: check CVE-2018-1386 RESERVED CVE-2018-1385 @@ -17703,18 +17968,18 @@ CVE-2018-1222 RESERVED CVE-2018-1221 RESERVED -CVE-2018-1220 - RESERVED -CVE-2018-1219 - RESERVED +CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...) + TODO: check +CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...) + TODO: check CVE-2018-1218 RESERVED CVE-2018-1217 RESERVED -CVE-2018-1216 - RESERVED -CVE-2018-1215 - RESERVED +CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...) + TODO: check +CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...) + TODO: check CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...) NOT-FOR-US: EMC CVE-2018-1213 @@ -17783,8 +18048,8 @@ CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines NOT-FOR-US: EMC CVE-2018-1183 RESERVED -CVE-2018-1182 - RESERVED +CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle ...) + TODO: check CVE-2018-1181 RESERVED CVE-2017-17447 
@@ -40751,15 +41016,15 @@ CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow CVE-2017-9976 RESERVED CVE-2017-9975 - RESERVED + REJECTED CVE-2017-9974 - RESERVED + REJECTED CVE-2017-9973 - RESERVED + REJECTED CVE-2017-9972 - RESERVED + REJECTED CVE-2017-9971 - RESERVED + REJECTED CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's ...) NOT-FOR-US: Schneider Electric CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...) @@ -49827,22 +50092,22 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileg NOT-FOR-US: Proxifier for Mac CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka ...) NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin -CVE-2017-7641 - RESERVED -CVE-2017-7640 - RESERVED +CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...) + TODO: check +CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...) + TODO: check CVE-2017-7639 RESERVED -CVE-2017-7638 - RESERVED +CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...) + TODO: check CVE-2017-7637 RESERVED CVE-2017-7636 RESERVED CVE-2017-7635 RESERVED -CVE-2017-7634 - RESERVED +CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...) + TODO: check CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...) NOT-FOR-US: QNAP CVE-2017-7632 @@ -54743,8 +55008,8 @@ CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 NOT-FOR-US: F5 BIG-IP CVE-2017-6153 RESERVED -CVE-2017-6152 - RESERVED +CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...) + TODO: check CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...) NOT-FOR-US: F5 BIG-IP CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - ...) 
@@ -67848,8 +68113,8 @@ CVE-2017-1627 RESERVED CVE-2017-1626 RESERVED -CVE-2017-1625 - RESERVED +CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...) + TODO: check CVE-2017-1624 RESERVED CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...) @@ -134630,13 +134895,11 @@ CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verif CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does ...) {DSA-3091-1 DLA-106-1} - getmail4 4.44.0-1 (bug #766670) -CVE-2014-7272 [multiple vulnerabilities in sddm] - RESERVED +CVE-2014-7272 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...) [experimental] - sddm 0.11.0-1 - sddm 0.11.0-2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788 -CVE-2014-7271 [unauthenticated logins as sddm] - RESERVED +CVE-2014-7271 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...) [experimental] - sddm 0.11.0-1 - sddm 0.11.0-2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fdbd0d2903b7393f3c69ff88d966b7f4590f707 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fdbd0d2903b7393f3c69ff88d966b7f4590f707 You're receiving this email because of your account on salsa.debian.org.
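Review bot: In the first hunk (@@ -1,3 +1,269 @@), CVE-2017-18222 is added with `TODO: check` even though its description already names the affected software ("In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does ..."). That entry can be resolved straight away with a `- linux` package line carrying the fixed version, rather than left in the TODO queue. The block CVE-2018-7866 through CVE-2018-7877 in the same hunk should be triaged as one group: only CVE-2018-7876 names its package in the visible text ("In libming 0.4.8"), and the other descriptions are cut off before the product name, so each one needs to be confirmed against the full CVE text before a package line is copied across.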
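Review bot: In the @@ -1900,8 +2166,7 @@ hunk, CVE-2018-7183 gains a description that names ntp 4.2.8p6, but the status below it stays a single `- ntp <unfixed>` line that applies to every suite. Check suites that ship an ntp older than 4.2.8p6 for the decodearr code. Where it is absent, add a per-suite annotation, in the same way the entry already records `- ntpsec <not-affected> (Issue not present)`. The removed working title "[ntpq:decodearr() can write beyond its buffer limit]" carried the same function name, so no information is lost by dropping it.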
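Review bot: In the @@ -8368,12 +8633,12 @@ hunk, CVE-2018-4840, CVE-2018-4839 and CVE-2018-4838 move from RESERVED to `TODO: check`, while the context entry directly below them, CVE-2018-4837, is already closed as `NOT-FOR-US: Siemens / TeleControl Server Basic`. The new descriptions name Siemens DIGSI 4 and the Siemens EN100 Ethernet module, so these look like candidates for NOT-FOR-US lines in the same style. The same pattern recurs in later hunks: the EMC entries (CVE-2018-1220, -1219, -1216, -1215, -1182) sit next to `NOT-FOR-US: EMC`, the QNAP entries (CVE-2017-7641, -7640, -7638, -7634) next to `NOT-FOR-US: QNAP`, and CVE-2017-6152 (F5 BIG-IQ) next to `NOT-FOR-US: F5 BIG-IP`. A follow-up commit that resolves these by vendor would keep the TODO list limited to entries that need real package research.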
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits